#! /usr/bin/env bash

#  Licensed to the Apache Software Foundation (ASF) under one
#  or more contributor license agreements.  See the NOTICE file
#  distributed with this work for additional information
#  regarding copyright ownership.  The ASF licenses this file
#  to you under the Apache License, Version 2.0 (the
#  "License"); you may not use this file except in compliance
#  with the License.  You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.

TSQA_TSXS=${TSQA_TSXS:-/opt/ats/bin/tsxs}
TSQA_TESTNAME=$(basename $0)
COUNT=${COUNT:-10}
source $(dirname $0)/functions

# This test verifies Traffic Server can elevate privileges correctly, based on
# the configuration settings:
#
#       proxy.config.ssl.cert.load_elevated
#       proxy.config.plugin.load_elevated

check() {

  for i in $(seq $COUNT) ; do
    msg check $i ...
    touch $TSQA_ROOT/$(sysconfdir)/remap.config
    touch $TSQA_ROOT/$(sysconfdir)/ssl_multicert.config
    tsexec traffic_line -x
    msgwait 2
  done

  crash
}

if [ x"$(id -u)" != x"0" ] ; then
  fatal this test needs to be run as root
fi

bootstrap

# If Traffic Server is not up, bring it up ...
alive cop || startup || fatal unable to start Traffic Server
trap shutdown 0 EXIT

tsexec traffic_line -s proxy.config.ssl.cert.load_elevated -v 1
tsexec traffic_line -s proxy.config.plugin.load_elevated -v 1
tsexec traffic_line -s proxy.config.diags.debug.tags -v 'privileges'
tsexec traffic_line -s proxy.config.diags.debug.enabled -v 1

cat >$TSQA_ROOT/$(sysconfdir)/remap.config <<REMAP
# Add a remap rule, it doesn't matter what it is ..
map http://jtest.trafficserver.apache.org http://127.0.0.1 \
  @plugin=conf_remap.so @pparam=proxy.config.url_remap.pristine_host_hdr=1
REMAP

cat >$TSQA_ROOT/$(sysconfdir)/plugin.config <<PLUGIN
# Add a plugin, it doesn't matter which one. A better test would load
# a plugin that requires elevated access, and checks for it in the
# plugin interface.

xdebug.so
PLUGIN

# The sleep is needed to let Traffic Server schedule the config change.
msgwait 4 to restart load elevation enabled
tsexec traffic_line -L

msgwait 6 for traffic_server to restart
alive server || startup || fatal unable to start Traffic Server

check

exit $TSQA_FAIL

# vim: set sw=2 ts=2 et :
